Summary
This host has the WordPress Stop User Enumeration plugin installed and is prone to a security bypass vulnerability.
Impact
Successful exploitation will allow an attacker to enumerate users and obtain some sensitive information, which can lead to further attacks.
Impact Level: Application
Solution
No solution or patch is available as of 5th February, 2014. Information regarding this issue will be updated once the solution details are available.
For updates refer to http://wordpress.org/plugins/stop-user-enumeration
Insight
The plugin's username enumeration protection does not properly handle the 'author' parameter when it is sent via a POST request.
Affected
WordPress Stop User Enumeration Plugin version 1.2.4. Other versions may also be affected.
Detection
Send crafted data via an HTTP POST request and check whether it is able to bypass the security restriction.
Severity
Classification
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N